CVE-2019-7642

Exploit

EPSS 10.87%
Veröffentlicht 25.03.2019 22:29:00
Zuletzt bearbeitet 21.11.2024 04:48:27
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dlink ≫ Dir-817lw Firmware Version1.04

Dlink ≫ Dir-817lw Versiona1

Dlink ≫ Dir-816l Firmware Version2.06

Dlink ≫ Dir-816l Versionb1

Dlink ≫ Dir-816 Firmware Version2.06

Dlink ≫ Dir-816 Versionb1

Dlink ≫ Dir-850l Firmware Version1.09

Dlink ≫ Dir-850l Versiona1

Dlink ≫ Dir-868l Firmware Version1.10

Dlink ≫ Dir-868l Versiona1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	10.87%	0.927

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2019-7642

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-7642

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-7642

EUVD